Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN How To

VLAN Best Practices

These are some general guidelines in creating VLANs. A VLAN creates a boundary between devices, so the goal is to plan the boundaries that will improve network functionality and security.

  1. Grouping devices by traffic patterns - Devices that communicate extensively between each other are good candidates to be grouped into a common VLAN.
  2. Grouping devices for security - It is often a good practice to put servers and key infrastructure in their own VLAN, isolating them from the general broadcast traffic and enabling greater protection.
  3. Grouping devices by traffic types - As discussed in this How To, VoIP quality is improved by isolating VoIP devices to their own VLAN. Other traffic types may also warrant their own VLAN. Traffic types include network management traffic, IP multicast traffic such as video, file and print services, email, Internet browsing, database access, shared network applications, and traffic generated by peer-to-peer applications.
  4. Grouping devices geographically - In a network with limited trunking, it may be beneficial to combine the devices in each location into their own VLAN.

More VLAN Technologies

In this How To, I've configured static VLANs. A static VLAN is created by assigning switch ports to specific VLAN numbers. Some switches may support dynamic VLANs, which are created by assigning MAC addresses to VLAN numbers. Dynamic VLANs are a less common way to configure VLANs and are more resource intensive to build and maintain. But they do enable mobility of devices while retaining VLAN boundaries.

As discussed, I didn't use VLAN Trunking in this example. If I had multiple VLAN-aware switches, I would likely have employed Trunking to enable distributed VLAN configurations.

The standard protocol for VLAN Tagging is 802.1Q, sometimes referred to as Dot1Q. If you're selecting a VLAN capable device, you'll want to ensure this protocol is supported for interoperability, especially if you're going to use it in VLAN trunking applications. The ability to change a port's PVID usually comes along with 802.1Q capability.

Conclusion

The Linksys SRW2008 is a nice switch for creating VLANs on your small network. Each of its eight ports support gigabit Ethernet, so it could serve as a central switch connected to multiple other switches. You could use less-expensive unmanaged switches to group devices, and connect each unmanaged switch to a port on the SRW, using the SRW's VLAN capability to break up the broadcast domains and maximize available bandwidth.

However, pretty much any managed or "smart" switch supports port-based VLANs, which is sufficient to implement the example in this article. Use the Gigabit Smart Switch Feature Comparison Table to explore other VLAN-capable products. Note, however, that the TrendNet TEG-160WS can't be used because it doesn't allow you to change port PVIDs.

A final plus to using VLANs is network design. VLANs enable segmentation and grouping, which are recognized elements of good network design. Good design makes network growth and maintenance easier. Being able to eliminate all the devices in one VLAN as a possible cause of a problem in the other VLAN is a helpful and immediate benefit of having VLANs in your network.

With the right equipment and good planning, implementing a VLAN is straightforward. Take your time and follow these steps, and you'll be rewarded with more bandwidth, increased security, and a better-designed network.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I have been using an RT-AC5300 for a couple years. Recently in the last few months I've had issues with the 5Ghz-2 channel so after troubleshooting it...
I'm trying to take my RT ac68u out of aimesh mode and when I did the reset it wouldn't come back to life at 192.168.1.1. I proceeded to do a recovery ...
So I can pinglogin003.stockholm.seon my AX88 router - works perfect. GUI and commandline, both works just great.However my clients, windows/linux/andr...
Hi there,I'm struggling with port sharing 32400.Without a firewall, port sharing works and can access Plex.However, when I turn on the firewall, shari...
I have an Asus AC-68U acting as the Primary Router running 384.14. When I enable IPv6 and set it to Native Mode, i can see IPv6 address on my interfac...

Don't Miss These

  • 1
  • 2
  • 3